AMENDMENTS TO THE CLAIMS

1. (Currently amended) In a computer system, a method for providing access to at least one
secure resource upon authentication of a user where said user authentication is performed by an
authentication server in remote communication with a client in use by said user, the method of
saving said user authentication for use when said authentication server is unavailable, the method
comprising the steps of:

(a) submitting a user authentication request to said authentication server;

(b) in response to a successful user authentication:

(b1) receiving an authenticated user credential which is unique to said user;

(b2) storing said authenticated credential on said client utilizing a security method to
prevent tampering with the credential; and

(b3) using said authenticated credential to access said at least one secure resource;

(c) in response to an unsuccessful user authentication:

(c1) determining whether said authentication server is in operative communication
with said client;

(c2) in response to a step (c1) determination that said authentication server is not in
operative communication with said client:

(c2a) searching said client for a stored authenticated credential corresponding to
said user;

(c2b) in response to a step (c2a) finding of an authenticated credential
corresponding to said user, using said stored authenticated credential to access
said at least one secure resource without further authenticating the credential with
the server or other authenticating entity while said authentication server is not in
operative communication with said client; and

(c2c) in response to not finding in step (c2a) an authenticated credential
corresponding to said user, failing the user authentication request.

2. (Currently amended) The method of claim 1 further comprising the steps of:

(c3) in response to a step (c1) determination that said authentication server is in
operative communication with said client:

(c3a) erasing from said client any stored authenticated credential corresponding to said
user; and

(c3b) failing said user authentication request.

3. (Cancelled) 

4. (Currently amended) The method of claim 1 wherein said security method is encryption
of the credential, further comprising the steps of:

decrypting the credential;

determining whether the decrypted credential has been tampered with; and

failing the user authentication request in response to a determination that the decrypted
credential has been tampered with.

5. (Currently amended) The method of claim 1 wherein said security method is Public Key
Infrastructure, further comprising the steps of:

decrypting the credential with a key stored on the client;

determining whether the decrypted credential has been tampered with; and

failing the user authentication request in response to a determination that the decrypted
credential has been tampered with.

6. (Currently amended) The method of claim 5 wherein said Public Key Infrastructure
is hardware-based Public Key Infrastructure.

Claims 7-9. (Cancelled) 

10. (Currently amended) In a computer system, a method for providing access to at least one
secure resource upon authentication of a user where said user authentication is performed by an
authentication server in remote communication via a secure gateway with a client in use by said
user, a method of caching said user authentication for use when said authentication server is
unavailable, the method comprising the steps of:

(a) submitting a user authentication request to said authentication server;

(b) in response to a successful user authentication;

(b1) receiving an authenticated user credential which is unique to said user;

(b2) storing said authenticated credential on said client utilizing a security method to
prevent tampering with the credential;

(b3) storing said authenticated credential on said gateway utilizing a security method to
prevent tampering with the credential; and

(b4) using said authenticated credential to access said at least one secure resource;

(c) in response to an unsuccessful user authentication:

(c1) determining whether said authentication server is in operative communication
with said client;

(c2) in response to a step (c1) determination that said authentication server is not in
operative communication with said client; determining whether said gateway is in
operative communication with said client;

(c3) in response to a step (c2) determination that said gateway is not in operative
communication with said client:

(c3a) searching the client for an authenticated credential corresponding to said
user;

(c3b) in response to finding an authenticated credential corresponding to said
user in step (c3a), using said authenticated credential to access said at least one secure
resource without further authenticating the credential with the server or the gateway or
another authenticating entity while said gateway is not in operative communication with
said client; and

(c3c) in response to not finding an authenticated credential corresponding to said
user in step (c3a), failing the user authentication request.

11. (Currently amended) The method of claim 10 further comprising the steps of:

(c4) in response to a step (c2) determination that said gateway is in operative communication
with said client:

(c4a) searching the gateway for an authenticated credential corresponding to said user;

(c4b) in response to finding an authenticated credential corresponding to said user on
the gateway in step (c4a), using said authenticated credential to access said at least one
secure resource without further authenticating the credential with the server or gateway or
other authenticating entity;

(c4c) in response to not finding an authenticated credential corresponding to said user
on the gateway in step (c4a), failing the user authentication request;

(c5) in response to a step (c1) determination that said authentication server is in operative
communication with said client:

(c5a) erasing from the client any authenticated credential corresponding to said user;

(c5b) erasing from the gateway any authenticated credential corresponding to said user;
and

(c5c) failing the user authentication request.

Claims 12-15. (Cancelled) 

16. (Currently amended) The method of claim 11 wherein at least one of said step (b2) and
step (b3) security methods is encryption of the credential, further comprising the steps of:

decrypting the credential;

determining whether the decrypted credential has been tampered with; and

failing the user authentication request in response to a determination that the decrypted
credential has been tampered with.

17. (Currently amended) The method of claim 11 wherein at least one of said step (b2) and
step (b3) security methods is Public Key Infrastructure, further comprising the steps of:

decrypting the credential with a key stored on the client;

determining whether the decrypted credential has been tampered with; and

failing the user authentication request in response to a determination that the decrypted
credential has been tampered with.

18. (Currently amended) The method of claim 17 wherein said Public Key Infrastructure
security method is hardware-based Public Key Infrastructure.

19. (New) The method of claim 10 wherein the authenticated user credential is a light-weight
directory access protocol.

20. (New) The method of claim 10 wherein at least one of the steps (c3b) and
(c4b) of using said authenticated credential to access said at least one secure resource further
comprise the steps of:

determining an elapsed time since a previous remote server authorization; 
comparing the elapsed time to a threshold time; and 

in response to the elapsed time exceeding the threshold time, failing the user 
authentication request. 

21. (New) The method of claim 10 further comprising the steps of:

assigning a high sensitivity level or a low sensitivity level to the at least one secure 
resource; and 

failing the user authentication request if the at least one secure resource sensitivity level is 
the high sensitivity level unless the authenticated credential is found on either the server or the 
gateway. 



&PS920020105USI 0-6095) 


PAGE 8114 * RCVD AT 10/17/2006 7:02:46 PM [Eastern Daylight Time] * SVR:USPTO-EFXRF-2/7 1 DNIS:2738300 • CSID:440 391 5101 * DURATION (mm-ss):04-22 



10/17/2006 19:00 FAX 440 391 5101 



DRIGGS ET AL 




22. (New) The method of claim 1 wherein the authenticated user credential is a light-weight
directory access protocol.

23. (New) The method of claim 1 wherein the step (c2b) of using said authenticated 
credential to access said at least one secure resource further comprise the steps of: 

determining an elapsed time since a previous remote server authorization; 
comparing the elapsed time to a threshold time; and 

in response to the elapsed time exceeding the threshold time, failing the user 
authentication request.

24. (New) The method of claim 1 further comprising the steps of:

assigning a high sensitivity level or a low sensitivity level to the at least one secure 
resource; and 

failing the user authentication request if the at least one secure resource sensitivity level is 
the high sensitivity level unless the authenticated credential is found on either the server or the 
gateway. 

25. (New) A computer system, comprising: 
an authentication server; 

a client in remote communication with the authentication server; and
at least one secure resource in communication with the client; 

wherein the client is configured to store on the client a first authenticated credential 
received from the authentication server in response to a successful user authentication by 
utilizing a security method to prevent tampering with the credential; and 

wherein the client is configured to use the stored first authenticated credential to access 
the at least one secure resource without further authenticating the first credential with the server 
or other authenticating entity while the authentication server is not in operative communication 
with the client. 

26. (New) The computer system of claim 25, further comprising a secure gateway machine
connected between the authentication server and the client; 

wherein the gateway machine is configured to store a second authenticated credential on 
the gateway received from the authentication server in response to a successful user 
authentication by utilizing a security method to prevent tampering with the second credential; 
and 

wherein the client is further configured to use the second authenticated credential to 
access the at least one secure resource without further authenticating the second credential with
the server or other authenticating entity while the authentication server is not in operative 
communication with the gateway. 

27. (New) The method of claim 26, wherein at least one of the client security method and the 
gateway security method is encryption, and wherein the client is further configured to decrypt the 
first credential or the second credential, determine whether the decrypted credential has been 
tampered with, and fail a user authentication request if decrypted credential has been tampered 
with. 

28. (New) The method of claim 26, wherein at least one of the client security method and the 
gateway security method is Public Key Infrastructure, and wherein the client is further configured 
to decrypt the first credential or the second credential with a key stored on the client, determine 
whether the decrypted credential has been tampered with, and fail a user authentication request if 
decrypted credential has been tampered with. 
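
The client-side decision flow recited in claims 1, 2, 4 and 23, written out as an added Python example; it is not code from the application or the applicant. The `server` callable, the `CredentialCache` class, its in-memory store and the use of HMAC-SHA256 as the tamper-detecting "security method" are assumptions made for illustration.

```python
import hashlib, hmac, json, time

class CredentialCache:
    """Client-side store for steps (b2), (c2a) and (c3a). HMAC-SHA256 stands in
    for the claimed 'security method'; key storage is assumed (e.g. OS keystore)."""
    def __init__(self, key: bytes, max_age_s: float):
        self.key, self.max_age_s, self.store = key, max_age_s, {}

    def _tag(self, blob: bytes) -> bytes:
        return hmac.new(self.key, blob, hashlib.sha256).digest()

    def save(self, user, credential, now):           # step (b2)
        blob = json.dumps({"user": user, "cred": credential, "issued": now}).encode()
        self.store[user] = (blob, self._tag(blob))

    def erase(self, user):                           # step (c3a)
        self.store.pop(user, None)

    def load(self, user, now):                       # step (c2a)
        entry = self.store.get(user)
        if entry is None:
            return None                              # (c2c): nothing cached
        blob, tag = entry
        if not hmac.compare_digest(tag, self._tag(blob)):
            return None                              # claim 4: tampered, fail
        rec = json.loads(blob)
        if rec["user"] != user or now - rec["issued"] > self.max_age_s:
            return None                              # claim 23: too old, fail
        return rec["cred"]                           # (c2b): use offline

def login(user, password, server, cache, now=None):
    """server(user, password) returns a credential, returns None on rejection,
    or raises ConnectionError when unreachable (hypothetical interface)."""
    now = time.time() if now is None else now
    try:
        credential = server(user, password)          # step (a)
    except ConnectionError:                          # (c1)/(c2): server not reachable
        return cache.load(user, now)
    if credential is None:                           # (c3): reachable and rejected
        cache.erase(user)
        return None
    cache.save(user, credential, now)                # (b1)-(b3)
    return credential

if __name__ == "__main__":
    def offline(user, password):                     # constructed stand-in server
        raise ConnectionError
    cache = CredentialCache(b"\x00" * 32, max_age_s=3600)   # constructed key
    cache.save("alice", "constructed-credential", now=0)
    print(login("alice", "pw", offline, cache, now=60))
```

As in the claims, the offline path consults only the cached credential and does not re-check the password, so the protection of the cache key and the age threshold carry the security of that path.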